Adrian Chadd wrote:
> On Sun, Nov 11, 2007, Alex Vorona wrote:
>> Hello
>> I got transparent squid 2.6 on a Linux box via iptables REDIRECT. All
>> works fine, but squid actually ignores the original DST IP in the hijacked
>> connection and uses the Host header to resolve to an IP and then connects to
>> that IP.
>
> I believe that's a security feature.

This is acceptable, but not in a transparent proxy.
Maybe I want to test my google on IP 1.1.1.1, but I can't :)

> Allowing the client to control
> the Host: name to destination IP mapping makes for some pretty horrible
> cache poisoning possibilities.

Yes, it is. Maybe correct proxying of such requests without caching
will be a solution?

Regards,
Alex
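
Added example, not part of the original thread and not Squid's code: a Python sketch of the policy proposed above, where an intercepted request always goes to the IP the client dialled but is cached only when the proxy's own DNS lookup of the Host header includes that IP. The function names, the toy `origins` map standing in for the network, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable

@dataclass(frozen=True)
class Decision:
    connect_to: str   # IP the proxy opens the upstream connection to
    cacheable: bool   # may the reply be stored/served under the Host-based URL?

def plan(orig_dst: str, host: str,
         resolve: Callable[[str], Iterable[str]]) -> Decision:
    """Hypothetical policy for an intercepted request.

    orig_dst: IP the client dialled (on Linux REDIRECT, from SO_ORIGINAL_DST).
    host:     the client's Host header (hostname with optional :port assumed).
    resolve:  the proxy's own resolver, never data supplied by the client.
    """
    name = host.split(":")[0].strip().lower().rstrip(".")
    try:
        addrs = set(resolve(name))
    except OSError:          # resolution failure: treat as unverified
        addrs = set()
    # Always connect where the client was going; cache only if DNS agrees.
    return Decision(connect_to=orig_dst, cacheable=orig_dst in addrs)

def fetch(cache: Dict[str, str], origins: Dict[str, str], orig_dst: str,
          host: str, path: str, resolve) -> str:
    """Toy proxy: `origins` maps IP -> body and stands in for the network."""
    key = f"http://{host}{path}"          # cache key comes from the Host header
    d = plan(orig_dst, host, resolve)
    if d.cacheable and key in cache:
        return cache[key]
    body = origins[d.connect_to]
    if d.cacheable:                       # unverified replies never enter the cache
        cache[key] = body
    return body

# Constructed sample data (documentation address ranges).
DNS = {"www.example.com": ["192.0.2.10"]}
ORIGINS = {"192.0.2.10": "genuine page", "198.51.100.66": "other server's page"}

def demo():
    cache: Dict[str, str] = {}
    look = lambda n: DNS.get(n, [])
    a = fetch(cache, ORIGINS, "198.51.100.66", "www.example.com", "/", look)
    b = fetch(cache, ORIGINS, "192.0.2.10", "www.example.com", "/", look)
    return a, b, dict(cache)

if __name__ == "__main__":
    print(demo())
```

The first request in `demo()` reaches the address the client chose but leaves the cache untouched, so the second client still receives the genuine page.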